I've a strange situation going on right now. To outline the setup of the environment: Two forests are in place. A user forest and a resource forest. The user forest consists out of Server 2008 R2 with an incoming 1-way trust from the resource forest. The resource forest consists out of Server 2008 R2 and Exchange Server 2010 SP1 with an outgoing 1-way trust to the user forest. When I create a user in the user forest, I can create a linked-mailbox for that user in the resource forest. Logging in to OWA works as expected. Example userdomain\testuser. Here is the strange part. When I change the user password in the user forest, it is possible the access the mailbox both with the old and new password. Am I missing something? Do I have to use FIM for example to tackle this problem?

Turns out I just have to wait. After approximately 2 hours the mailbox isn't accessible anymore with the old password. Why does the new password work instantly?

This is likely by design, please refer to articles below. Changing the Default Interval for User Tokens in IIS http://support.microsoft.com/default.aspx?scid=kb;EN-US;152526 XWEB: Mailbox Access via OWA Depends on IIS Token Cache http://support.microsoft.com/kb/173658 James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com